Electronic commerce cards are frequently used by consumers to make purchases from merchants over the Internet. Electronic commerce cards include credit cards, debit cards, prepaid purchase cards, travel cards, or any other system that can be used instead of cash to purchase goods or services. To prevent fraud, electronic commerce card associations and/or issuers have instituted authentication systems to ensure that electronic commerce cards are only used by authorized cardholders. One example of an authentication system enables a cardholder to associate a password or other identifying information with an electronic commerce card. To make a purchase online, the consumer must provide the password associated or other identifying information with the electronic commerce card. This ensures that the person possessing the electronic commerce card is actually authorized to use the electronic commerce card.
Typical card processing systems use a decentralized, distributed computing model in which information is exchanged between merchants, electronic commerce card issuers and the card association to authenticate cardholders. Because of the distributed nature of the card processing system, authentication will fail if any portion of the system, such as a merchant system or a card issuer system, does not support its portion of the authentication. With thousands of card issuers and millions of merchants using a typical card processing system, deploying an authentication system among so many different entities is a difficult task. Additionally, merchants are reluctant to include authentication functions if the authentication system is only supported by a small number of card issuers.
It is therefore desirable to have an incentive for merchants and card issuers to implement an authentication system. It is further desirable that the authentication system provide merchants with proof of compliance with the authentication system.